Skip to main content
CVE-2024-3866 MEDIUM PATCH This Month

The Ninja Forms Contact Form plugin for WordPress is vulnerable to Reflected Self-Based Cross-Site Scripting via the 'Referer' header in all versions up to, and including, 3.8.15 due to insufficient. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Ninja Forms
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-8741 MEDIUM PATCH This Month

The Beam me up Scotty - Back to Top Button plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Beam Me Up Scotty
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-8713 MEDIUM This Month

The Kodex Posts likes plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Kodex Posts Likes
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-8549 MEDIUM PATCH This Month

The Simple Calendar - Google Calendar Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Google Simple Calendar
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-46934 MEDIUM PATCH This Month

Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier is vulnerable to DOM-based Cross-site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Rocket Chat
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-20465 MEDIUM This Month

A vulnerability in the access control list (ACL) programming of Cisco IOS Software running on Cisco Industrial Ethernet 4000, 4010, and 5000 Series Switches could allow an unauthenticated, remote. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple Cisco iOS
NVD
CVSS 3.1
5.8
EPSS
0.4%
CVE-2024-8067 MEDIUM This Month

In versions of Helix Core prior to 2024.1 Patch 2 (2024.1/2655224) a Windows ANSI API Unicode "best fit" argument injection was identified. Rated medium severity (CVSS 5.8), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Microsoft
NVD
CVSS 4.0
5.8
EPSS
0.2%
CVE-2024-7421 MEDIUM This Month

An information exposure in Devolutions Remote Desktop Manager 2024.2.20.0 and earlier on Windows allows local attackers with access to system logs to obtain session credentials via passwords included. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Remote Desktop Manager
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-47315 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in StellarWP GiveWP give.15.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-20475 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to conduct a cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS Catalyst Sd Wan Manager
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-8546 MEDIUM PATCH This Month

The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Video widget in all versions up to, and including, 3.2.7 due to insufficient input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Elementskit Elementor Addons
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-8668 MEDIUM PATCH This Month

The ShopLentor - WooCommerce Builder for Elementor & Gutenberg +12 Modules - All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the tooltip. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Woolentor Woocommerce Elementor Addons Builder
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-9073 MEDIUM This Month

The GutenGeek Free Gutenberg Blocks for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1.3 due to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Free Gutenberg Blocks
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-9069 MEDIUM This Month

The Graphicsly - The ultimate graphics plugin for WordPress website builder ( Gutenberg, Elementor, Beaver Builder, WPBakery ) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Graphicsly
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-9068 MEDIUM This Month

The OneElements - Best Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.3.7 due to insufficient input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Oneelements
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-9027 MEDIUM This Month

The WPZOOM Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'box' shortcode in all versions up to, and including, 1.0.5 due to insufficient input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Wpzoom Shortcodes
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-9024 MEDIUM This Month

The Material Design Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mdi-icon shortcode in all versions up to, and including, 0.0.5 due to insufficient input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Material Design Icons
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-9141 MEDIUM This Month

Cross-Site Scripting (XSS) vulnerability in the Oct8ne system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-8917 MEDIUM PATCH This Month

The AnWP Football Leagues plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.16.7 due to insufficient input sanitization. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Football Leagues
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-8267 MEDIUM PATCH This Month

The Radio Player - Live Shoutcast, Icecast and Any Audio Stream Player for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'align' attribute within the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Radio Player
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-47048 MEDIUM PATCH This Month

Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier allows stored XSS in the description and release notes of the marketplace and private apps. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Rocket Chat
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-7426 MEDIUM This Month

The Community by PeepSo - Social Network, Membership, Registration, User Profiles plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 6.4.6.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure PHP Peepso
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-43237 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Steve Burge WordPress Tag Cloud Plugin - Tag Groups tag-groups.0.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure WordPress
NVD VulDB
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-43990 MEDIUM This Month

Insertion of Sensitive Information into Log File vulnerability in StylemixThemes Masterstudy LMS Starter.1.8. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-40761 MEDIUM PATCH This Month

Inadequate Encryption Strength vulnerability in Apache Answer.3.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Answer
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2024-8678 MEDIUM PATCH This Month

The Revolut Gateway for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /wc/v3/revolut REST API endpoint in all versions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Revolut Gateway For Woocommerce
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-8658 MEDIUM PATCH This Month

The myCred - Loyalty Points and Rewards plugin for WordPress and WooCommerce - Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification plugin for WordPress. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Mycred
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-8941 MEDIUM This Month

Path traversal vulnerability in Scriptcase version 9.4.019, in /scriptcase/devel/compat/nm_edit_php_edit.php (in the “subpage” parameter), which allows unauthenticated remote users to bypass. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal PHP Scriptcase
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2024-45613 MEDIUM PATCH This Month

CKEditor 5 is a JavaScript rich-text editor. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS Ckeditor5
NVD GitHub
CVSS 4.0
5.1
EPSS
0.5%
CVE-2024-8291 MEDIUM PATCH This Month

Concrete CMS versions 9.0.0 to 9.3.3 and below 8.5.19 are vulnerable to Stored XSS in Image Editor Background Color. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal XSS Concrete Cms
NVD GitHub
CVSS 4.0
5.1
EPSS
0.5%
CVE-2024-9169 MEDIUM This Month

The LiteSpeed Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin debug settings in all versions up to, and including, 6.4.1 due to insufficient input sanitization and. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Litespeed Cache
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-7398 MEDIUM PATCH This Month

Concrete CMS versions 9 through 9.3.3 and versions below 8.5.19 are vulnerable to stored XSS in the calendar event addition feature because the calendar event name was not sanitized on output. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Concrete Cms
NVD GitHub
CVSS 4.0
4.6
EPSS
0.5%
CVE-2024-8516 MEDIUM This Month

The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.2.1 via the render() function. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Information Disclosure Themesflat Addons For Elementor Elementor
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-47305 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Dnesscarkey Use Any Font use-any-font allows Cross Site Request Forgery.3.08. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-20434 MEDIUM This Month

A vulnerability in Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on the control plane of an affected device. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Apple Cisco Denial Of Service Ios Xe
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-8910 MEDIUM PATCH This Month

The HT Mega - Absolute Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.5 via the render function in. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

WordPress Information Disclosure PHP Ht Mega
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-8476 MEDIUM PATCH This Month

The Easy PayPal Events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Easy Paypal Events
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-8434 MEDIUM PATCH This Month

The Easy Mega Menu Plugin for WordPress - ThemeHunk plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions hooked via AJAX in all versions up. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Mega Menu
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-7491 MEDIUM PATCH This Month

The HUSKY - Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.6.1 via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Husky Products Filter Professional For Woocommerce
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-7386 MEDIUM PATCH This Month

The Premium Packages - Sell Digital Products Securely plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.9.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Premium Packages Sell Digital Products Securely
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-8801 MEDIUM PATCH This Month

The Happy Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.12.2 via the Content Switcher widget. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

WordPress Information Disclosure Happy Addons For Elementor
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-8437 MEDIUM This Month

The WP Easy Gallery - WordPress Gallery Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions hooked via AJAX like wpeg_settings and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Wp Easy Gallery
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-45599 LOW Monitor

Cursor is an artificial intelligence code editor. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity. No vendor patch available.

Apple RCE
NVD GitHub
CVSS 3.1
3.8
EPSS
0.2%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy